5 Key Cyber Threats to Watch for in 2017

While 2016 has seen wave after wave of cybercriminal activity, it's time to prepare for a 2017 tsunami.

As we make our valiant kick to the finish line in 2016, it's simply too tempting to glance over our shoulders at some of the more noteworthy hacker activities of the past year. That is, before we set our sights on what's to come.

Here's just a sampling of what we've seen thus far this year:

January: The IRS was hacked again, this time by attackers using malware to automatically generate E-File personal identification numbers to assist them in stealing tax refunds.

February: A hacker published information that exposed 9000 DHS employees and approximately 20,000 FBI employees.

October: Hackers utilized a DDoS attack to take out huge swaths of the Internet using infected IoT devices.

November: AdultFriendFinder.com was targeted by hackers for a second time in two years, affecting more than 400 million users.

December: ???

What will 2017 bring?

1. Healthcare data breaches will rise

A Google search for ”healthcare breach” will yield roughly 23,100,000 results, while a Google news search returns 154,000 news articles. Obtaining sensitive medical information is white-hot in the hacker world, where personal healthcare information (PHI) is the crème de la crème of information theft in the underground.

With healthcare organizations struggling to integrate newer technologies with legacy systems that still run unsupported operating systems (like Windows XP and Windows 2003 Server), the emerging vulnerabilities of medical devices will be continue to be exploited by cybercriminals.

In early October of this year, for example, Johnson & Johnson sent letters to patients using the OneTouch Ping insulin pump with a warning that the device contained a cybersecurity flaw. Even though the company downplayed the risk, a hacker could potentially reprogram the device to administer additional doses of the diabetes drug, upping the security flaw from ‘minimal’ to life-threatening. Johnson & Johnson’s product website states - in small print - OneTouch requires an IBM-compatible PC running Windows® 2000 or XP. It is not compatible with Windows® Vista® and Windows®.

This should be a clear wake-up call for the healthcare industry to realize that along with protecting patient data, protecting the patient from critical cyber attacks via medical devices is, literally, critical.

2. Insider threats will increase

Last summer, security researchers at Kaspersky Labs found the top attack vector against Cellular Service Providers (CSPs) and Internet Service Providers (ISPs) was in hiring or blackmailing an insider. According to researchers, cybercriminals used two methods to accomplish this:

Enticing or coercing individual employees with relevant skills

Searching underground message boards to find an appropriate current or former employee

3. More Internet of Things (IoT) exploits

Business Insider predicts there will be 34 billion devices connected to the Internet by 2020. IoT devices will account for 24 billion and traditional computing devices (e.g. smartphones, tablets, smartwatches, etc.) will comprise 10 billion.

“2016 brought the opening shots in the long awaited IoT threat, from the largest-ever DDoS attack to a botnet of 25,000 video recorders and CCTV cameras sending 50,000 HTTP requests per second. These connected devices have unlocked the 1 Tbps DDoS era.”

What's to come in 2017?

“IoT platforms will need security in mind from the ground up, not simply added as an afterthought, as has been common until now.”

With exponential IoT growth expected, hackers will latch onto vulnerabilities just as they did when Microsoft Windows dominated the playing field. The recent DDoS attack that affected 80 major websites is just one example of how easy it is to enslave (factory default usernames and passwords) IoT devices into a botnet.

4. Attacks on new mobile malware will continue to grow

According to McAfee Labs, total mobile malware has grown 151% with the highest levels recorded in Q2 of this year.

“Fraud is in a constant state of evolution to stay a step ahead of the defenses deployed to stop it. Eyeballs have moved from desktops and laptops to mobile devices, and cybercriminals have adapted their strategies, launching attacks on the apps and social networks where users increasingly spend their time.”

5. Fake retail and product apps are all the rage

Be judicious in deciding what app to download. Better safe than sorry.

If you do decide to download an app, the first thing to check is the reviews.

Apps with few reviews or bad reviews are a big red flag.

Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the app on App Store or Google Play.

Give as little information as possible if you decide to use an app.

Be reluctant to link your credit card to any app.

What's the takeaway?

In this case, there are several: Manufacturers must build security measures into medical devices that include the software lifecycle; employees should receive ongoing training regarding potential insider threats and companies should implement newer technologies to address this threat; IoT devices should be designed with ‘security in mind’ (from the ground up) and these devices should contain unique usernames and passwords with consumer education enclosed in the packaging; and more vetting and vigilance is required with mobile app downloads.

The 2017 threat landscape will very likely prove to be both daunting and ominous if businesses fail to address the weakest links in the security chain today.